Thursday, October 15, 2009

Conficker Awareness

Tools to check for variants of Conficker:
http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker/

BitDefender Online Scanner
http://www.bdtools.net/

Indonesian Antivirus
http://www.ansav.com/

Tuesday, August 11, 2009

USB Vaccine


Be aware that the most common infections come from a USB autorun.inf. The most recent examples of this are W32/Sality, W32/Virutas and also the W32/Conficker worm which, in addition to spreading via a vulnerability and network shares, also spreads via USB drives. The best option is to vaccinate your storage media using one of these links:

Original Site:
http://www.pandasecurity.com/homeusers/downloads/usbvaccine/

Vaccination Downloads:
http://www.pandasecurity.com/homeusers/downloads/result
http://acs.pandasoftware.com/marketing/promo/USBVaccine.zip
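Before trusting a drive, it helps to know what its autorun.inf would actually launch. The PowerShell below is an added example (my code, not Panda's vaccine tool and not from this post): it parses the [autorun] section, reports the keys that run programs (open, shellexecute, shell\<verb>\command), and checks every removable drive currently attached. The sample file content is constructed; the function and variable names are my own. It assumes Windows PowerShell 5.1.

```powershell
# Added example, not the blog's or Panda's code: read-only inspection of autorun.inf.
# Assumes Windows PowerShell 5.1. Nothing here modifies the drive.

# Parse autorun.inf lines and return only the entries that would execute something.
function Get-AutorunLaunchers {
    param([string[]]$Lines)
    $section   = ''
    $launchers = @()
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith(';')) { continue }          # blank or comment
        if ($line -match '^\[(.+)\]$') { $section = $Matches[1].ToLower(); continue }
        if ($section -ne 'autorun') { continue }                            # only [autorun] matters
        if ($line -match '^([^=]+)=(.*)$') {
            $key   = $Matches[1].Trim().ToLower()
            $value = $Matches[2].Trim()
            # open= and shellexecute= run a program directly; shell\<verb>\command= hijacks
            # the Open/Explore/AutoPlay verbs Explorer shows for the drive
            if ($key -eq 'open' -or $key -eq 'shellexecute' -or $key -match '^shell\\.+\\command$') {
                $launchers += [pscustomobject]@{ Key = $key; Launches = $value }
            }
        }
    }
    $launchers
}

# Report what the autorun.inf at the root of one drive would do.
function Test-DriveAutorun([string]$DriveRoot) {
    $path = Join-Path $DriveRoot 'autorun.inf'
    if (-not (Test-Path -LiteralPath $path)) { return "no autorun.inf on $DriveRoot" }
    if (Test-Path -LiteralPath $path -PathType Container) {
        # a folder named autorun.inf gives Windows nothing to parse; that is the
        # effect a vaccine aims for (assumption: the vaccine tool's own method is not documented here)
        return "autorun.inf on $DriveRoot is a folder; nothing for Windows to parse"
    }
    $launchers = Get-AutorunLaunchers (Get-Content -LiteralPath $path -Force)   # -Force reads hidden/system files
    if (-not $launchers) { return "autorun.inf on $DriveRoot launches nothing (icon/label only)" }
    $launchers | ForEach-Object { "autorun.inf on $DriveRoot would run: $($_.Key) = $($_.Launches)" }
}

# Constructed sample, not copied from a real drive: the shape a worm's autorun.inf takes,
# including the folder icon used as a disguise.
$sample = @(
    '[autorun]',
    'icon=folder.ico',
    'open=bar311.exe',
    'shell\open\command=bar311.exe',
    'shell\explore\command=bar311.exe'
)
Get-AutorunLaunchers $sample | Format-Table -AutoSize

# Live check of every removable drive (DriveType 2) that is currently attached.
Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2' |
    ForEach-Object { Test-DriveAutorun "$($_.DeviceID)\" }
```

Run it from any prompt; it only reads. The sample above reports three launchers for bar311.exe, which is exactly the kind of entry the vaccination is meant to make impossible to plant.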

Saturday, June 13, 2009

MRT Ringtone!


lol my ringtone, recorded directly from the MRT3 speaker. Short and long versions are available. "Santolan Station!" version :)

MRT3 <--- Link here

Tuesday, June 9, 2009

Preventing Worms/Viruses


When inserting a USB drive or other storage media, never double-click its icon in My Computer, regardless of whether it is a USB drive, mobile phone, MP4 player, PSP, digital camera, etc. Any storage media should be accessed via the "tree menu" on the left of your Explorer window.

Never double-click a folder; access it via the "tree menu" on the left of your Explorer window. There are known types of virus that use an identical folder icon, e.g. "New Folder.exe".

Always check the "Recycler" folder of each drive. It should contain only one folder, which cannot be erased; delete the duplicates.

Go to "Run", type "%temp%" and press Enter. Press Ctrl+A and hit the Delete key, skipping anything that cannot be deleted.

When downloading applications from warez sites, always check whether they are infected using any online scanner (expect some false positives due to the hack/crack).

When something you are not aware of pops up in your browser, hit the "Esc" key, or, if the pop-up is persistent, go to Task Manager - Processes - End Process on your Internet browser.

Never use Internet Explorer 6 and below.

If you encounter a Sality or Bootkit variant, you could have prevented it by following these simple do's and don'ts.

Wednesday, May 20, 2009

Desktop Switcher

After 3 years, I finally found a piece of software capable of assigning/switching the folder used as your current desktop folder location. If you would like to show only games, or only work files, etc. on your desktop, this is what you need:

http://chihiro718.jpn.org/ENG/software.html

* Only runs on Vista
* The desktop icons/files are saved the way you arranged them, for each folder you assign.

Friday, November 14, 2008

Manual Virus Elimination in 1 Package

I've made a very handy app for this:

Portable Manual Virus Elimination (download 2.1MB)

Download, extract and open "start.exe", then follow the series of steps:

1st: "Kill" --> this is used to stop and disable the virus temporarily

to do ~ right-click and kill every process listed under explorer.exe

2nd: "Disable" --> to stop the virus from starting up whenever Windows loads (* for advanced fixing, go to the 4th - regedit - part below)

to do ~ delete all unusual programs from Windows startup (check all the tabs)

3rd: "Fix" --> to fix the damage done by the virus (especially when the hidden/system file settings are crippled; enable "show hidden files and system files" by going to My Computer - Tools - Folder Options - View tab, uncheck "Hide protected operating system files" and "Hide extensions for known file types", select "Show hidden files and folders", then hit "Apply")

to do ~ check all the boxes to restore your Windows default settings

4th: go to the Run command and type "regedit"

to do ~ search these areas:

1. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RUN

to do ~ check for unusual or unfamiliar programs in that Windows startup registry key (1st)

2. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RUN

to do ~ check for unusual or unfamiliar programs in that Windows startup registry key (2nd)

3. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

to do ~ check if there is a second file and erase it (example of how it is written: "explorer.exe, virus.exe")

4. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 --> the place where USB viruses take hold

to do ~ check all of them and delete the virus that autoruns when a USB drive is inserted (or anything that looks unusual; an example is:
{34fa4acc-d96e-11dc-8f3c-0019dbf93f99}
autoplay
autorun
J:\bar311.exe %1
explore
open

* delete the whole thing from that sample by right-clicking that key and deleting it. NOTE that you must not delete the values for the drives starting from A:, CPD, C: and below, nor the autorun entries that come with @shell32.dll,-8507

* optional: copy "Checks USB Drive.exe" to your desktop and run it whenever you plug in a USB drive (thumb drive) to destroy all variants of autorun virus.

* if you find the virus file location, just delete that file

* how do you identify whether a program is a virus? It may go something like this:

SCVHOST.EXE --> it should be SVCHOST.exe
234dfh43.exe --> pretty obvious
under explorer.exe there shouldn't be any SVCHOST, CSRSS, SMSS or other system files, except MRT.EXE or the MS cincero loader
You will notice that the program doesn't have any description when viewing its process; only VMicro or bigdog has no description, but that is used for your webcam.
if you open the file's "Properties", there are no details or even a signature (except for old OS commands)
find the virus by "last modified" date while hidden files are shown
top locations for a virus are the folders: windows, windows\system32, %temp%, documents and settings\"yourUserName"\local settings, and the root directory
there are also many viruses that use a "folder" icon; it is much safer to browse folders using the "tree menu" in Explorer's left panel
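The regedit walk-through above (Run keys, Winlogon Shell, MountPoints2) and the "no description, no signature" checks can be done in one pass from PowerShell. The script below is an added example, my code rather than the blog's "Portable Manual Virus Elimination" package: it reads the four locations, resolves the program each entry launches, checks its Authenticode signature and file description, and prints a table for you to review. It never deletes anything; the deletion step stays a manual decision in regedit as the post describes. Function names and the "suspicious" rule are my own; it assumes Windows PowerShell 5.1 (reading HKLM needs no elevated prompt).

```powershell
# Added example, not the blog's tool: read-only audit of the four regedit locations in the post.
# It reports, it never deletes. Assumes Windows PowerShell 5.1.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',   # 1st
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'    # 2nd
)
$winlogon    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'             # 3rd
$mountPoints = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'   # 4th
$psMeta      = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'          # provider noise to skip

# First executable in a command line: "C:\Program Files\x\x.exe" /arg  or  J:\bar311.exe %1
function Get-ExePath([string]$Command) {
    if ($Command -match '^\s*"([^"]+)"')  { return $Matches[1] }
    if ($Command -match '^\s*(\S+\.exe)') { return $Matches[1] }
    return $null
}

# The post's manual checks (no file description, no signature) applied to one entry.
function Test-LaunchedFile([string]$Source, [string]$Command) {
    $exe  = [Environment]::ExpandEnvironmentVariables("$(Get-ExePath $Command)")
    $info = [ordered]@{ Source = $Source; Command = $Command; Path = $exe }
    if ($exe -and (Test-Path -LiteralPath $exe)) {
        $sig = Get-AuthenticodeSignature -FilePath $exe
        $info.Signature   = $sig.Status
        $info.Description = (Get-Item -LiteralPath $exe -Force).VersionInfo.FileDescription
        # unsigned AND undescribed is the combination the post says to treat as suspicious
        $info.Suspicious  = ($sig.Status -ne 'Valid') -and [string]::IsNullOrWhiteSpace($info.Description)
    } else {
        # a missing file still earns a look: a stale MountPoints2 command for a removed
        # drive is exactly what the 4th step asks you to review
        $info.Signature = 'file missing'; $info.Description = ''; $info.Suspicious = $true
    }
    [pscustomobject]$info
}

$findings = @()

# 1st and 2nd: every value under the Run keys
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($psMeta -contains $p.Name) { continue }
        $findings += Test-LaunchedFile "$key\$($p.Name)" "$($p.Value)"
    }
}

# 3rd: Shell must be exactly explorer.exe; anything after a comma is a second loader
$shell = (Get-ItemProperty -Path $winlogon -Name Shell).Shell
foreach ($extra in ($shell -split ',' | Select-Object -Skip 1)) {
    $findings += Test-LaunchedFile "$winlogon\Shell" $extra.Trim()
}

# 4th: per-device Shell\<verb>\command values under MountPoints2 (autoplay, open, explore ...)
if (Test-Path $mountPoints) {
    foreach ($mp in Get-ChildItem -Path $mountPoints) {
        $shellKey = "$($mp.PSPath)\Shell"
        if (-not (Test-Path $shellKey)) { continue }
        foreach ($verb in Get-ChildItem -Path $shellKey) {
            $cmdKey = "$($verb.PSPath)\command"
            if (-not (Test-Path $cmdKey)) { continue }
            $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
            if ($cmd) {
                $findings += Test-LaunchedFile "MountPoints2\$($mp.PSChildName)\Shell\$($verb.PSChildName)" $cmd
            }
        }
    }
}

$findings | Sort-Object Suspicious -Descending |
    Format-Table Source, Command, Signature, Description, Suspicious -AutoSize
```

Entries flagged Suspicious are candidates, not verdicts: plenty of legitimate old tools ship unsigned and undescribed, which is why the post's last check (where the file lives and when it was last modified) still belongs in the decision before anything is deleted.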

Wednesday, February 6, 2008

USB Autorun Viruses/Worms ~ how to avoid it?


USB Autorun Remover/Preventer

Whenever opening a USB disk, never use the AutoPlay menu (just hold the Esc key) and always use Explorer's tree menu (left pane) when accessing the USB drive.

For your safety, you can also download this file to auto-protect your computer:
http://www.geocities.com/casablanca2000in/msp/#wimp2


Manually Disable Autorun
(or simply hold the [Shift] key when inserting / loading the storage card)



USB or Any Storage Media - Vaccine

http://www.pandasecurity.com/homeusers/downloads/usbvaccine/

Disabling AutoRun will decrease the chance of being infected by the known widespread viruses/worms/trojans/backdoors. Follow the steps below:

Disable AutoRun in Microsoft Windows

To effectively disable AutoRun in Microsoft Windows, import the following registry value:

    REGEDIT4
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
    @="@SYS:DoesNotExist"

To import this value, perform the following steps:

  1. Copy the text
  2. Paste the text into Windows Notepad
  3. Save the file as "autorun.reg"
    Note: In certain circumstances, Notepad may automatically add a .txt extension to saved files. To ensure that the file is saved with the proper extension, select All Files in the "Save as type:" section of the "Save As" dialog.
  4. Navigate to the file location
  5. Double-click the file to import it into the Windows registry

Microsoft Windows can also cache the AutoRun information from mounted devices in the MountPoints2 registry key. We recommend restarting Windows after making the registry change so that any cached mount points are reinitialized in a way that ignores the Autorun.inf file. Alternatively, the following registry key may be deleted:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

Once these changes have been made, all of the AutoRun code execution scenarios described above will be mitigated because Windows will no longer parse Autorun.inf files to determine which actions to take. Further details are available in the CERT/CC Vulnerability Analysis blog. Thanks to Nick Brown and Emin Atac for providing the workaround and to Aryeh Goretsky for pointing out a possible issue with Notepad appending a .txt file extension.
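The same workaround can be applied and, more importantly, verified from an elevated PowerShell prompt instead of importing a .reg file. This is an added example (my code, not from this post or from CERT/CC): it writes the IniFileMapping\Autorun.inf default value exactly as the REGEDIT4 snippet does, checks that the value is really in place, and offers the MountPoints2 cache clearing the post mentions as the alternative to a restart. Function names are my own; it assumes Windows PowerShell 5.1 running as Administrator.

```powershell
# Added example, not the post's or CERT/CC's code: apply and verify the Autorun.inf mapping.
# Assumes Windows PowerShell 5.1 in an elevated (Administrator) prompt, since HKLM is written.

$mapping     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
$mountPoints = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
$sentinel    = '@SYS:DoesNotExist'   # same value the REGEDIT4 snippet sets as the key's default

# Point every Autorun.inf lookup at a registry location that does not exist,
# so Windows never reads the file's real contents.
function Set-AutorunInfMapping {
    if (-not (Test-Path $mapping)) { New-Item -Path $mapping -Force | Out-Null }
    Set-ItemProperty -Path $mapping -Name '(default)' -Value $sentinel
}

# True only when the key exists and its default value is exactly the sentinel.
# Worth running again after the reboot, to confirm the change survived.
function Test-AutorunInfMapping {
    if (-not (Test-Path $mapping)) { return $false }
    ((Get-ItemProperty -Path $mapping).'(default)') -eq $sentinel
}

# The post's alternative to restarting: drop the cached mount points so stale
# AutoRun data is not reused. Explorer recreates the key as drives are mounted.
function Clear-MountPointsCache {
    if (Test-Path $mountPoints) { Remove-Item -Path $mountPoints -Recurse -Force }
}

Set-AutorunInfMapping
if (Test-AutorunInfMapping) {
    Write-Output 'Autorun.inf mapping in place; restart Windows or run Clear-MountPointsCache.'
} else {
    Write-Warning 'Mapping not set; confirm the prompt is elevated and check the error above.'
}
```

Test-AutorunInfMapping is the part worth keeping around: a .reg import that silently failed (wrong extension, no elevation) looks identical to one that worked until a drive's autorun.inf is parsed anyway.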